Stefan

Reputation: 1511

WordPress SQL injection detected with OWASP ZAP

I just used OWASP ZAP to scan my page and it detected some vulnerabilities; it shows that my page is not SQL injection resistant. OWASP ZAP shows that by accessing the following URL

/about/?query=query+AND+1%3D1+--+

injection is possible. It is a basic WordPress page where I display information about myself; there is not even an input field that I use to interact with the database myself. How can I get rid of the injection in such a case? Is that even possible, or is it just some shortcoming inside the WordPress core?

Upvotes: 2

Views: 804

Answers (1)

Simon Bennetts

Reputation: 6234

First check to see if it is a real vulnerability. Like all similar tools, ZAP can report some false positives. Look at the details of the alert and then try to see if you can confirm it's a real issue.

Upvotes: 1
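One way to run the check the answer suggests, as an added example that is not part of the original answer or of ZAP: save the response bodies for your own page and compare them after stripping content that changes on every request. It assumes the alert was raised from response comparison; the function names, the volatile-content patterns and the sample pages are all constructed for illustration.

```python
import re

# Fragments that change on every request (assumed examples; adjust them
# to what your own theme and plugins actually emit).
VOLATILE = [
    re.compile(r'name="_wpnonce" value="[0-9a-f]+"'),
    re.compile(r"<!--.*?-->", re.S),  # cache/plugin timing comments
]

def normalize(body: str) -> str:
    """Strip volatile fragments and collapse whitespace before comparing."""
    for pattern in VOLATILE:
        body = pattern.sub("", body)
    return re.sub(r"\s+", " ", body).strip()

def triage(baseline_a: str, baseline_b: str, flagged: str, control: str) -> str:
    """Classify a response-comparison SQLi alert from four saved bodies.

    baseline_a, baseline_b: two fetches of the unmodified URL
    flagged: body returned for the URL shown in the alert
    control: body for the same parameter with a harmless random value
    """
    a, b = normalize(baseline_a), normalize(baseline_b)
    f, c = normalize(flagged), normalize(control)
    if a != b:
        # The page differs from itself, so a diff is weak evidence.
        return "unstable-page"
    if f == a and c == a:
        # The parameter has no visible effect: likely a false positive.
        return "parameter-ignored"
    return "needs-manual-review"

def sample_page(nonce: str, extra: str = "") -> str:
    """Constructed stand-in for a saved /about/ response body."""
    return (f"<html><body><h1>About</h1>{extra}"
            f'<input type="hidden" name="_wpnonce" value="{nonce}">'
            "</body></html>")

if __name__ == "__main__":
    print(triage(sample_page("a1b2"), sample_page("c3d4"),
                 sample_page("e5f6"), sample_page("0a9b")))
```

A verdict of `parameter-ignored` or `unstable-page` supports treating the alert as a false positive; `needs-manual-review` means the parameter does influence the page and the alert details deserve a closer look.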
